That is your default.py, correct? Which function are you trying to protect with authorization? I'm guessing it's the index or show.
First off, I'd get rid of the user and download functions you added. They are already in place as they should be (the ones at the bottom are what you want). If I'm correct in my guess about protecting index or show, then you need to add a decorator to them. I'd add @auth.requires_login() on the line above: def show(): ...and then give it a try. -Jim On Wed, Apr 22, 2020 at 5:28 PM Jon Paris <[email protected]> wrote: > Again pretty much the scaffold code plus the tutorial changes I think. > > # -*- coding: utf-8 -*- > # ------------------------------------------------------------------------- > # This is a sample controller > # this file is released under public domain and you can use without > limitations > # ------------------------------------------------------------------------- > > # ---- example index page ---- > def index(): > images = db().select(db.image.ALL, orderby=db.image.title) > return dict(images=images) > > def show(): > image = db.image(request.args(0, cast=int)) or redirect(URL('index')) > db.post.image_id.default = image.id > form = SQLFORM(db.post) > if form.process().accepted: > response.flash = 'your comment is posted' > comments = db(db.post.image_id == image.id).select(orderby=db.post.id) > return dict(image=image, comments=comments, form=form) > > def download(): > return response.download(request, db) > > def user(): > return dict(form=auth()) > > > # ---- API (example) ----- > @auth.requires_login() > def api_get_user_email(): > if not request.env.request_method == 'GET': raise HTTP(403) > return response.json({'status':'success', 'email':auth.user.email}) > > # ---- Smart Grid (example) ----- > @auth.requires_membership('admin') # can only be accessed by members of > admin groupd > def grid(): > response.view = 'generic.html' # use a generic view > tablename = request.args(0) > if not tablename in db.tables: raise HTTP(403) > grid = SQLFORM.smartgrid(db[tablename], args=[tablename], > deletable=False, editable=False) > return dict(grid=grid) > > # ---- Embedded wiki (example) ---- > def wiki(): > auth.wikimenu() # add the wiki to the menu > return auth.wiki() > > # ---- Action for login/register/etc (required for auth) ----- > def user(): > """ > exposes: > http://..../[app]/default/user/login > http://..../[app]/default/user/logout > http://..../[app]/default/user/register > http://..../[app]/default/user/profile > http://..../[app]/default/user/retrieve_password > http://..../[app]/default/user/change_password > http://..../[app]/default/user/bulk_register > use @auth.requires_login() > @auth.requires_membership('group name') > @auth.requires_permission('read','table name',record_id) > to decorate functions that need access control > also notice there is http://..../[app]/appadmin/manage/auth to allow > administrator to manage users > """ > return dict(form=auth()) > > # ---- action to server uploaded static content (required) --- > @cache.action() > def download(): > """ > allows downloading of uploaded files > http://..../[app]/default/download/[filename] > """ > return response.download(request, db) > On Wednesday, April 22, 2020 at 6:23:54 PM UTC-4, Jim S wrote: >> >> Jon >> >> What does your controller look like? >> -Jim >> >> On Wed, Apr 22, 2020 at 5:13 PM Jon Paris <[email protected]> wrote: >> >>> Yes - I can see that now - but that was in the original scaffolding. >>> >>> I moved stuff around and now have this at the start: >>> >>> from gluon.contrib.appconfig import AppConfig >>> from gluon.tools import Auth >>> >>> db = DAL("sqlite://storage.sqlite") >>> >>> auth = Auth(db) >>> auth.define_tables(username=True) >>> >>> The removed the duplicate entry for db = later in the script. >>> >>> Same problem. App works but no authentication request. >>> >>> There's still a lot of "extra stuff" in the scaffolded code that I don't >>> think I need it or not - but no duplication that I can see. >>> >>> >>> On Wednesday, April 22, 2020 at 5:49:45 PM UTC-4, Jim S wrote: >>>> >>>> Jon >>>> >>>> You're redefining db right above your define_table for 'image'. db is >>>> already assigned/defined higher up in the db.py file. We don't want to >>>> redefine it. >>>> >>>> I've just been looking at the tutorial you're following and see that it >>>> seems a bit out-dated. >>>> >>>> -Jim >>>> >>>>> >>>>> -- >>> Resources: >>> - http://web2py.com >>> - http://web2py.com/book (Documentation) >>> - http://github.com/web2py/web2py (Source code) >>> - https://code.google.com/p/web2py/issues/list (Report Issues) >>> --- >>> You received this message because you are subscribed to a topic in the >>> Google Groups "web2py-users" group. >>> To unsubscribe from this topic, visit >>> https://groups.google.com/d/topic/web2py/51UaQT4SxbQ/unsubscribe. >>> To unsubscribe from this group and all its topics, send an email to >>> [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/web2py/9efdf98e-a87f-41f3-aeb2-9813ebd9679a%40googlegroups.com >>> <https://groups.google.com/d/msgid/web2py/9efdf98e-a87f-41f3-aeb2-9813ebd9679a%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- > Resources: > - http://web2py.com > - http://web2py.com/book (Documentation) > - http://github.com/web2py/web2py (Source code) > - https://code.google.com/p/web2py/issues/list (Report Issues) > --- > You received this message because you are subscribed to a topic in the > Google Groups "web2py-users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/web2py/51UaQT4SxbQ/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/web2py/f998f6a2-a70f-4ecc-a62a-476dedeef390%40googlegroups.com > <https://groups.google.com/d/msgid/web2py/f998f6a2-a70f-4ecc-a62a-476dedeef390%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/CAERBpoDVYRGNYW_NeC%2BM_i5ppz-SdfCg_CW8FHf%2B3sWpfr1L4g%40mail.gmail.com.
